From b67c690498804130b9fcf2e5b21f70317104fac7 Mon Sep 17 00:00:00 2001
From: Bob4ever <kresse6@hotmail.com>
Date: Thu, 15 Oct 2015 17:22:21 +0200
Subject: [PATCH 1/3] Fixed a bug in SFTP::chmod not using realpath on the
 filepath

---
 phpseclib/Net/SFTP.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/phpseclib/Net/SFTP.php b/phpseclib/Net/SFTP.php
index b056628f..361aac78 100644
--- a/phpseclib/Net/SFTP.php
+++ b/phpseclib/Net/SFTP.php
@@ -1454,6 +1454,7 @@ class Net_SFTP extends Net_SSH2
             return true;
         }
 
+        $filename = $this->_realPath($filename);
         // rather than return what the permissions *should* be, we'll return what they actually are.  this will also
         // tell us if the file actually exists.
         // incidentally, SFTPv4+ adds an additional 32-bit integer field - flags - to the following:

From 579e51c58f07a5ba4e58c574e2e9a8d30c58455a Mon Sep 17 00:00:00 2001
From: Andreas Fischer <bantu@phpbb.com>
Date: Mon, 19 Oct 2015 00:06:41 +0200
Subject: [PATCH 2/3] Add test case for GitHub Issue 850: Realpath in SFTP
 chmod().

---
 tests/Functional/Net/SFTPUserStoryTest.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/tests/Functional/Net/SFTPUserStoryTest.php b/tests/Functional/Net/SFTPUserStoryTest.php
index 770ad95b..c01948f4 100644
--- a/tests/Functional/Net/SFTPUserStoryTest.php
+++ b/tests/Functional/Net/SFTPUserStoryTest.php
@@ -238,6 +238,20 @@ class Functional_Net_SFTPUserStoryTest extends PhpseclibFunctionalTestCase
 
     /**
      * @depends testTruncate
+     * @group github850
+     */
+    public function testChModOnFile($sftp)
+    {
+        $this->assertNotFalse(
+            $sftp->chmod(0755, 'file1.txt'),
+            'Failed asserting that chmod() was successful.'
+        );
+
+        return $sftp;
+    }
+
+    /**
+     * @depends testChModOnFile
      */
     public function testChDirOnFile($sftp)
     {

From 46bb95a265de397c296c1950c7b1b66621aee87a Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@php.net>
Date: Tue, 20 Oct 2015 10:20:58 -0500
Subject: [PATCH 3/3] X509: improve base64-encoded detection rules

---
 phpseclib/Crypt/RSA.php          |  2 +-
 phpseclib/File/X509.php          | 39 ++++++++++++++++++++++++++------
 tests/Unit/File/X509/CSRTest.php | 25 ++++++++++++++++++++
 3 files changed, 58 insertions(+), 8 deletions(-)

diff --git a/phpseclib/Crypt/RSA.php b/phpseclib/Crypt/RSA.php
index d5e58538..9ae9f32d 100644
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@@ -3104,7 +3104,7 @@ class Crypt_RSA
          * subject=/O=organization/OU=org unit/CN=common name
          * issuer=/O=organization/CN=common name
          */
-        $temp = preg_replace('#.*?^-+[^-]+-+#ms', '', $str, 1);
+        $temp = preg_replace('#.*?^-+[^-]+-+[\r\n ]*$#ms', '', $str, 1);
         // remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff
         $temp = preg_replace('#-+[^-]+-+#', '', $temp);
         // remove new lines
diff --git a/phpseclib/File/X509.php b/phpseclib/File/X509.php
index 36c06019..63a8a231 100644
--- a/phpseclib/File/X509.php
+++ b/phpseclib/File/X509.php
@@ -110,6 +110,12 @@ define('FILE_X509_FORMAT_DER', 1);
  * Only works on CSRs. Not currently supported.
  */
 define('FILE_X509_FORMAT_SPKAC', 2);
+/**
+ * Auto-detect the format
+ *
+ * Used only by the load*() functions
+ */
+define('FILE_X509_FORMAT_AUTO_DETECT', 3);
 /**#@-*/
 
 /**
@@ -1423,10 +1429,11 @@ class File_X509
      * Returns an associative array describing the X.509 cert or a false if the cert failed to load
      *
      * @param string $cert
+     * @param int $mode
      * @access public
      * @return mixed
      */
-    function loadX509($cert)
+    function loadX509($cert, $mode = FILE_X509_FORMAT_AUTO_DETECT)
     {
         if (is_array($cert) && isset($cert['tbsCertificate'])) {
             unset($this->currentCert);
@@ -1447,7 +1454,13 @@ class File_X509
 
         $asn1 = new File_ASN1();
 
-        $cert = $this->_extractBER($cert);
+        if ($mode != FILE_X509_FORMAT_DER) {
+            $newcert = $this->_extractBER($cert);
+            if ($mode == FILE_X509_FORMAT_PEM && $cert == $newcert) {
+                return false;
+            }
+            $cert = $newcert;
+        }
 
         if ($cert === false) {
             $this->currentCert = false;
@@ -2846,7 +2859,7 @@ class File_X509
      * @access public
      * @return mixed
      */
-    function loadCSR($csr)
+    function loadCSR($csr, $mode = FILE_X509_FORMAT_AUTO_DETECT)
     {
         if (is_array($csr) && isset($csr['certificationRequestInfo'])) {
             unset($this->currentCert);
@@ -2865,7 +2878,13 @@ class File_X509
 
         $asn1 = new File_ASN1();
 
-        $csr = $this->_extractBER($csr);
+        if ($mode != FILE_X509_FORMAT_DER) {
+            $newcsr = $this->_extractBER($csr);
+            if ($mode == FILE_X509_FORMAT_PEM && $csr == $newcsr) {
+                return false;
+            }
+            $csr = $newcsr;
+        }
         $orig = $csr;
 
         if ($csr === false) {
@@ -3091,7 +3110,7 @@ class File_X509
      * @access public
      * @return mixed
      */
-    function loadCRL($crl)
+    function loadCRL($crl, $mode = FILE_X509_FORMAT_AUTO_DETECT)
     {
         if (is_array($crl) && isset($crl['tbsCertList'])) {
             $this->currentCert = $crl;
@@ -3101,7 +3120,13 @@ class File_X509
 
         $asn1 = new File_ASN1();
 
-        $crl = $this->_extractBER($crl);
+        if ($mode != FILE_X509_FORMAT_DER) {
+            $newcrl = $this->_extractBER($crl);
+            if ($mode == FILE_X509_FORMAT_PEM && $crl == $newcrl) {
+                return false;
+            }
+            $crl = $newcrl;
+        }
         $orig = $crl;
 
         if ($crl === false) {
@@ -4606,7 +4631,7 @@ class File_X509
          * subject=/O=organization/OU=org unit/CN=common name
          * issuer=/O=organization/CN=common name
          */
-        $temp = preg_replace('#.*?^-+[^-]+-+#ms', '', $str, 1);
+        $temp = preg_replace('#.*?^-+[^-]+-+[\r\n ]*$#ms', '', $str, 1);
         // remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- stuff
         $temp = preg_replace('#-+[^-]+-+#', '', $temp);
         // remove new lines
diff --git a/tests/Unit/File/X509/CSRTest.php b/tests/Unit/File/X509/CSRTest.php
index 26577c26..131237d5 100644
--- a/tests/Unit/File/X509/CSRTest.php
+++ b/tests/Unit/File/X509/CSRTest.php
@@ -68,4 +68,29 @@ draiRBZruwMPwPIP
 
         $this->assertInternalType('array', $csr);
     }
+
+    public function testCSRDER()
+    {
+        $csr = 'MIICdzCCAV8CAQEwDDEKMAgGA1UEAwwBeDCCASIwDQYJKoZIhvcNAQEBBQADggEP' .
+               'ADCCAQoCggEBALtcrFDD2AHe3x2bR00wPDsPH6FJLxr5uc1ybb+ldDB5xNVImC8P' .
+               'LU6VXDZ5z68KjSovs1q0OWJWfCjlAuGLzqO35s86LI1CFuTFdkScVHMwh8zUVFoP' .
+               'pG7/9rKaNxCgaHs4evxjxQP2+Ny7tBqPLb/KV0exm6Twocf963jC/Tyn57G5erRf' .
+               'zpFrfK7DozhxY7znumJ4FuSn0TVkD6PPwZFn9VoTjv2ZoJmacGK+0r5yNKG799F5' .
+               'K8EgDrOCfbzCZjX6GJctyn2SNPTeBuXS9piH21FGnJAryv80zG+zUqFdEyoLUGJt' .
+               '4Vy6+tDP9cW68fiwTZS1Oc1VeFdL1G/CrjkCAwEAAaAmMCQGCSqGSIb3DQEJDjEX' .
+               'MBUwEwYKKwYBBAGCqlsBCQQFMAOCAQEwDQYJKoZIhvcNAQELBQADggEBAF4XOd+1' .
+               'jkJOYRInNpHfhzSD/ktDY50gpLPuDvl4f/ZBlKrb1eDYQG5F3bnYzoZWHN4n+6Zs' .
+               'CkljXs5ZPUZ5LuVpASumoG/aHXGz8c8NC3asJ1V73ljEPAfIXwqoIUoaP9jLL+Ee' .
+               'zy/ZCi2NKWVo2D7ocnn79oblAem9ksSeQl4z3Gvhuug6MsMqn96NU/ZY/vjYzAjb' .
+               'MAvJIVRY0rbCxbFa0K+XNJtF7GLyBxyPNFWCvADhvm9C4uPmoypYg7MY6EewJInN' .
+               'xzMH7I4xDLjNu0VBa6lAxTvflp0joQHKlTYX0SDIKPbQivjZMuObPuxDtkVZ0rQl' .
+               'AjmgMowaN5otTXM=';
+        $csr = base64_decode($csr);
+
+        $x509 = new File_X509();
+
+        $csr = $x509->loadCSR($csr);
+
+        $this->assertInternalType('array', $csr);
+    }
 }